Re: [tcpdump-workers] what does tcpdump record files' header "D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00" means

2004-12-02 Thread Guy Harris
On Dec 2, 2004, at 6:25 PM, 沈华林 wrote: what does the 10 bytes mean？ The file header is 24 bytes long, not 10 bytes long. The first 4 bytes are a 4-byte "magic number", with a value that's either 0xa1b2c3d4 or 0xd4c3b2a1. If it's 0xa1b2c3d4, all the other fields in the file header, an

[tcpdump-workers] what does tcpdump record files' header "D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00" means

2004-12-02 Thread 沈华林
what does the 10 bytes mean?- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] loopback interface and byte order

2004-12-02 Thread Guy Harris
Robert Lowe wrote: Well, I was reporting this from memory. Let me back up a bit. When I first looked at pcap, I went through Tim Carsten's tutorial, referenced from the tcpdump.org website. Using that code (sniffer.c) on Linux with a downed eth0 i/f (forcing the dev to any) results in very weird

Re: [tcpdump-workers] loopback interface and byte order

2004-12-02 Thread Robert Lowe
Guy Harris wrote: On Dec 1, 2004, at 3:31 PM, Robert Lowe wrote: In testing a small app using libpcap, I noticed differences in behaviour when using the loopback interface vs. using a hardware interface. In particular, it seems the packets coming in over the loopback interface are still in host

Re: [tcpdump-workers] Promiscuous mode and BPF filters?

2004-12-02 Thread Claudio Lavecchia
Guy Harris wrote: if it *does* use "pcap_compile()" and "pcap_setfilter()", i.e. it already does packet filtering, it *adds* to the filter an expression to reject all the traffic from laptop B, i.e. instead of filtering with an expression X, you filter with "(not wlan src BB:BB:BB:BB:BB:BB)